import javax.naming.*;
import javax.naming.directory.*;
+// FIXME: inbound throttling/ratelimiting
+
// RFC's implemented
// RFC2554: SMTP Service Extension for Authentication
// - did not implement section 5, though
boolean ehlo = false;
String remotehost = null;
String authenticatedAs = null;
+ int failedRcptCount = 0;
for(String command = conn.readln(); ; command = conn.readln()) try {
if (command == null) return;
Log.warn("**"+conn.getRemoteAddress()+"**", command);
command = command.substring(10).trim();
from = command.equals("<>") ? null : new Address(command);
conn.println("250 " + from + " is syntactically correct");
+ // FEATURE: perform SMTP validation on the address, reject if invalid
} else if (c.startsWith("RCPT TO:")) {
// some clients are broken and put RCPT first; we will tolerate this
command = command.substring(8).trim();
if(command.indexOf(' ') != -1) command = command.substring(0, command.indexOf(' '));
Address addr = new Address(command);
- if (addr.isLocal()) {
- // FEATURE: should check the address further and give 550 if undeliverable
- conn.println("250 " + addr + " is on this machine; I will deliver it");
- to.addElement(addr);
- } else if (conn.getRemoteAddress().isLoopbackAddress() || (from!=null&&from.toString().indexOf("johnw")!=-1)) {
+ if (conn.getRemoteAddress().isLoopbackAddress() || (from!=null&&from.toString().indexOf("johnw")!=-1)) {
conn.println("250 you are connected locally, so I will let you send");
to.addElement(addr);
- whitelist.addWhitelist(addr);
+ if (!whitelist.isWhitelisted(addr))
+ whitelist.addWhitelist(addr);
} else if (authenticatedAs!=null) {
conn.println("250 you are authenticated as "+authenticatedAs+", so I will let you send");
to.addElement(addr);
- whitelist.addWhitelist(addr);
+ if (!whitelist.isWhitelisted(addr))
+ whitelist.addWhitelist(addr);
+ } else if (addr.isLocal()) {
+ if (to.size() > 3) {
+ conn.println("536 sorry, limit on 3 RCPT TO's per DATA");
+ } else {
+ // FEATURE: should check the address further and give 550 if undeliverable
+ conn.println("250 " + addr + " is on this machine; I will deliver it");
+ to.addElement(addr);
+ }
} else {
conn.println("535 sorry, " + addr + " is not on this machine, you are not connected from localhost, and I will not relay without SMTP AUTH");
Log.warn("","535 sorry, " + addr + " is not on this machine, you are not connected from localhost, and I will not relay without SMTP AUTH");
+ failedRcptCount++;
+ if (failedRcptCount > 3) {
+ conn.close();
+ return;
+ }
}
conn.flush();
} else if (c.startsWith("DATA")) {
if (s.equals(".")) break;
if (s.startsWith(".")) s = s.substring(1);
buf.append(s + "\r\n");
- if (MAX_MESSAGE_SIZE != -1 && buf.length() > MAX_MESSAGE_SIZE) {
+ if (MAX_MESSAGE_SIZE != -1 && buf.length() > MAX_MESSAGE_SIZE && (from+"").indexOf("paperless")==-1) {
Log.error("**"+conn.getRemoteAddress()+"**",
"sorry, this mail server only accepts messages of less than " +
ByteSize.toString(MAX_MESSAGE_SIZE));
ByteSize.toString(MAX_MESSAGE_SIZE));
}
}
- String body = buf.toString();
+ String message = buf.toString();
Message m = null;
- for(int i=0; i<to.size(); i++) {
- m = Message.newMessage(Fountain.Util.create(body), from, (Address)to.elementAt(i));
- enqueue(m);
- }
+ for(int i=0; i<to.size(); i++)
+ enqueue(m = Message.newMessage(Fountain.Util.create(message)).withEnvelope(from, (Address)to.elementAt(i)));
if (m != null) Log.info(SMTP.class, "accepted message: " + m.summary());
conn.println("250 message accepted");
conn.flush();
}
for(int i=0; i<mx.length; i++) {
//if (deadHosts.contains(mx[i])) continue;
- if (attempt(m, mx[i])) { return true; }
+ if (attempt(m, mx[i])) return true;
}
return false;
}
private static void check(String s, Connection conn) {
if (s==null) return;
while (s.length() > 3 && s.charAt(3) == '-') s = conn.readln();
- if (s.startsWith("4")||s.startsWith("5")) throw new SMTPException(s);
+ //if (s.startsWith("4")||s.startsWith("5")) throw new SMTPException(s);
+ if (!s.startsWith("2")&&!s.startsWith("3")) throw new SMTPException(s);
}
private static boolean attempt(final Message m, final InetAddress mx) {
boolean accepted = false;
Log.warn(SMTP.Outgoing.class, " unable to send; error=" + e);
Log.warn(SMTP.Outgoing.class, " message: " + m.summary());
Log.warn(SMTP.Outgoing.class, e);
+ /*
+ // FIXME: we should not be bouncing here!
if (e.code >= 500 && e.code <= 599) {
try {
attempt(m.bounce("unable to deliver: " + e), true);
}
return true;
}
+ */
return false;
} catch (Exception e) {
if (accepted) return true;
Log.warn(SMTP.Outgoing.class, " unable to send; error=" + e);
Log.warn(SMTP.Outgoing.class, " message: " + m.summary());
Log.warn(SMTP.Outgoing.class, e);
- if (conn != null) Log.warn(SMTP.Outgoing.class, conn.dumpLog());
+ //if (conn != null) Log.warn(SMTP.Outgoing.class, conn.dumpLog());
return false;
} finally {
if (conn != null) conn.close();